This Page Is Inserted by IFW Operations 
and is not a part of the Official Record 



BEST AVAILABLE IMAGES 

Defective images within this document are accurate representations of 
the original documents submitted by the applicant. 

Defects in the images may include (but are not limited to): 

• BLACK BORDERS 

. TEXT CUT OFF AT TOP, BOTTOM OR SIDES 

• FADED TEXT 

. ILLEGIBLE TEXT 

• SKEWED/SLANTED IMAGES 

• COLORED PHOTOS 

. BLACK OR VERY BLACK AND WHITE DARK PHOTOS 
. GRAY SCALE DOCUMENTS 

IMAGES ARE BEST AVAILABLE COPY. 

As rescanning documents will not correct images, 
please do not report the images to the 
Image Problem Mailbox. 



(19) Japanese Patent Office (JP) 

(12) Publication of Patent Applications (A) 

(11) Patent application publication number 

Kokai (unexamined patent publication) NO. 2000-20377 
(P2000-20377A) 

(43) Publication date: January 21, 2000 
Domestic classification symbol 
Theme code (for reference) 
Request for examination 
Not requested 
Number of claims: 18 
(14 pages in total) 

(21) Application No.: Patent application No. 11-324859 

(22) Filing date: June 30, 1998 
(71) Applicant: 000006769 

LION CORPORATION 

1- 3-7, Honjo, Sumida-ku, Tokyo 

(71) Applicant: 000131201 
CSK Co. , Ltd. 

2- 6-1, Nish-shinjuku, Shinjuku-ku, Tokyo 

(72) Inventor: Toyoyuki Sato 

c/o LION CORPORATION, 1-3-7, Honjo, Sumida-ku, Tokyo 
(74) Representative: 100081961 
Mitsuharu Kiuchi, patent attorney 
Continued to the last page 

(54) Title of the Invention 
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(57) [Abstract] 

[Purpose] To correlate an access right with an organizational 
attribute of a user and thereby change data management easily 

[Means for accomplishing the purpose] 

Adocument access designation unit 42 designates what mode (kind) 
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of access such as reference, making and approval should be made 
and to which document in a database 1 . A document making and 
reference right check unit 43 judges whether a user has an access 
right to the designated document and the kind of access based 
on the section he belongs to and his post. A page making and 
reference right check unit 45 checks whether the user has an 
access right to reference and making for the part of document 
designated by a document contents indication unit 44 and the 
kind of access. A page indication and writing unit 46 indicates 
the page of the designated document. 

1 Database 

2 Database management system 

3 Display input interface unit 

4 Document management control unit 

41 User check unit 

42 Document access designation unit 

43 Document making and reference right check unit 

44 Document contents indication unit 

45 Page making and reference right check unit 

46 Page indication and writing unit 

[Scope of claim for patent] 

[Claim 1] A database system that manages data, comprising: 
a device that designates which data a user should access; 
a judgement device that judges whether the user has an access 

right to the designated data based on the organizational 

attribute that is given to each user in advance; and 

an access device that makes the user who is judged to have 

an access right access the designated data. 

[Claim 2] The database system according to claim 1, further 
comprising : 

when a user is judged to have an access right to the designated 
data, 

a device that indicates what part of data the designated 
data has; 
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a device that designates what part of data the user should 
access; and 

a second judgement device that judges whether the user has 
an access right to the designated part of data based on the 
organizational attribute that is given to each user in advance, 
wherein 

the access device makes the user who is judged to have an 
access right to the designated part of data access said part 
of data. 

[Claim 3] The database system according to claim 1 or 2, wherein 
each of data is classified into a plurality of groups in 
advance; and 

the judgement device judges whether a user has an access 
right to the designated data based on the correlation of the 
classification of the designated data with the organizational 
attribute that is given to each user in advance. 

[Claim 4] The database system that manages data, comprising: 
an attribute table that correlates each user with the section 

that he belongs to and his post; 

a classification table that classifies data into a group 

of data including one of data, or two or more of data and a large 

group of data including one group of data, or two or more groups 

of data; 

a table that correlates one version, or two or more versions 
of each data with the pages included in the data and at least 
one of either one version, or two or more versions of each page; 
and 

an access right table that stores whether the user has an 
access right to the data, for at lest one each of the group of 
data, a large group of data, data, versions of data, pages and 
versions of pages, based on at least one of either the section 
that the user belongs to or his post. 

[Claim 5] The database system that manages data, 
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comprising : 

an access right table that stores what kind of organizational 
attribute a user has and what kind of access right he has for 
data or a part of data; 

a device that checks whether the user has the right to use 
the database system; 

a device that designates the data that the user will access; 

a device that judges whether the user has an access right 
to the designated data based on his organizational attribute 
and the access right table; 

a device that indicates what parts of data the data has when 
the user has an access right to the designated data; 

a device that designates the part of data that the user will 
access and the kind of access; 

a device that judges whether the user has an access right 
to the designated part of data and the kind of access based on 
the access right table; and 

an access device that makes the user execute an access right 
when the user has an access right to the designated part of data 
and the kind of access. 

[Claim 6] The database system that manages data, 
comprising : 

An attribute table that stores the organizational attribute 
of each user; 

An access right table that stores whether the user has an 
access right to each data based on the organizational attribute; 
and 

a judgement device that judges whether each user is allowed 
to access the designated data based on the attribute table and 
the access right table. 

[Claim 7] The database system according to claim 6, further 
comprising : 

a classification table that classifies individual data into 
a plurality of groups including one or more hierarchies, 
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wherein 

the access right table stores whether the user has an access 
right to data based on each individual classification. 

[Claim 8] The database system according to claim 6 or claim 7 , 
wherein 

the attribute table includes at least one of either the section 
that a user belongs to or his post; and 

the access right table stores whether the user has an access 
right to data based on at least one of either the section that 
the user belongs to or his post. 

[Claim 9] The database system according to one of claims 6 to 

8, wherein 

the access right table stores whether a user has an access 
right according to the kind of access. 

[Claim 10] The database system according to one of claims 6 to 

9, wherein 

the access right table stores whether a user has an access 
right based on at least one of either the version of data, pages 
included in the data or versions of pages as a unit; and 

the judgement device is so constituted as to judge whether 
the user is allowed to access the version, pages or versions 
of pages designated to data. 

[Claim 11] The database system according to one of claims 6 to 

10, further comprising : 

a table that limits the access to at least one of the data, 
version of data, pages or versions of pages only to a part of 
the users of the section. 

[Claim 12] The database system according to claim 10 or claim 

11, further comprising: 

a table that stores the contents of data for each page. 
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[Claim 13] The data management method that manages data, 
including : 

a step of designating which data a user should access; 

a step of judging whether the user has an access right to 
the designated data based on the organizational attribute that 
is give to each user in advance; and 

a step of making the user who is judged to have an access 
right access the designated data. 

[Claim 14] The data management method according to claim 13, 
including : 

when a user is judged to have an access right to the designated 
data, 

a step of indicating what part of data the designated data 
has; 

a step of designating what part of data the user should access; 

and 

a step of judging whether the user has an access right to 
the designated part of data based on the organizational attribute 
that is given to each user in advance, 
wherein 

the access step makes the user who is judged to have an access 
right to the designated part of data access said part of data. 

[Claim 15] The data management method according to claim 13 or 
claim 14, wherein 

each of data is classified into a plurality of groups in 
advance; and 

the judgement step judges whether a user has an access right 
to the designated data based on the correlation of the 
classification of the designated data with the organizational 
attribute that is given to each user in advance. 

[Claim 16] The data management method for managing data, which 
uses : 

an attribute table that correlates each user with the section 
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that he belongs to and his post; 

a classification table that classifies data into a group 
of data including one of data, or two or more of data and a large 
group of data including one group of data , or two or more groups 
of data; 

a table that correlates one version, or two or more versions 
of each of data with the pages included in the data and at least 
one of either one version, or two or more versions of each page; 
and 

an access right table that stores whether the user has an 
access right to the data, for at lest one each of the group of 
data, a large group of data, data, versions of data, pages and 
versions of pages, based on at least one of either the section 
that the user belongs to or his post. 

[Claim 17] A recording medium that records software for data 
management that manages data using a computer, wherein 

the software makes the computer receive the designation as 
to which data a user accesses and judge whether the user has 
an access right to the designated data based on the organizational 
attribute that is given to each user in advance; and 

the software makes the user who is judged to have an access 
right access the designated data. 

[Claim 18] The recording medium that records software for data 
management according to claim 17, wherein 

the software makes the computer indicate what part of data 
the designated data has when the user is judged to have an access 
right to the designated data; 

the software makes the computer receive the designation as 
to which part of data the user should access; 
the software makes the computer judge whether the user has an 
access right to the designated part of data based on the 
organizational attribute that is given to each user in advance; 
and 

the software makes the user who is judged to have an access 
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right to the designated part of data access said part of data. 

[Detailed description of the invention] 
[0001] 

[Field of the Invention] 

The present invention relates to the improvement of the 
technology pertaining to a database that stores and manages 
documents and the like, and more specifically to the technology 
that correlates an access right with the organizational attribute 
of a user and thereby changes data management easily. 

[0002] 

[Prior art] In the database that a plurality of users use, 
management of an access right is important to prevent an unlawful 
reference and alteration of documents, files and data 

(hereinafter referred to as "data") . The access right is the 
right that represents which user can access what data and how, 
and generally, it is set according to the kind of access such 
as making, reference, edition and deletion. 

[0003] 

The following are the technologies pertaining to the 
management of the access right. 

(1) The technology is known in which a password such as a key 
word and an access code is set using data as a unit and which 
allows the user who knows the password to access the file. 

[0004] 

(2) The technology is also known in which an access right is 
set as a unit using a group of data consisting of a directory, 
etc. as a unit, and which limits for which group of data the 
access is permitted based on the user ID and password that the 
user inputs . 

[0005] 

(3) Furthermore, the technology is known which sets the 
possibility, yes or no, with regard to a plurality of authority, 
for example, when a user accesses a group of data, which item 
of the data the user can operate, and what kind operation can 
be permitted, and which can assign the kind of the authority 
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related to each data group to each individual user, as disclosed 
in Kokai (unexamined patent publication) No. 9-6681. 
[0006] 

(4) Disclosed in Patent No. 2700517 (Kokai (unexpected patent 
publication) No. 6-266591) is an example in which for the data 
management using a relational database, each version of data 
and each version in page units of data are correlated with each 
other and are stored at the same time. In this example, the kind 
of secrecy can be also set to each version and page, and the 
access right can be managed based on the attribute of each user. 

[0007] 

[ Problems to be solvedby the invention] In the prior art described 
above, however, since an access right was managed for each 
individual user independently of his organizational section or 
post, there was a problem in that to make a change related to 
an access right was abothersome job when the kindof data increased 
or personnel reshuffling occurred. 

[0008] 

In the case of (1) above, since a password was set to data 
as a target, it was not possible to use the data unless each 
user who uses the data to do a common service was informed of 
the password. Thus, there was a problem in that it took some 
time and labor to let the users in a necessary range know the 
password, and as the kind of password increases, the users had 
a heavy burden of managing the increased passwords . Furthermore, 
when a user who knew a password lost his access right to data 
owing to his reshuffling, etc., a complicated procedure for 
changing the password, etc. was required. 
[0009] 

In the case of (2) above, the ID and password that correspond 
to a group of data must have been made known only to each user 
who can access the group of data. When the user lost his access 
right, for example, because he changed his job due to personnel 
reshuffling, it was difficult to carry out the management of 
preventing a user having an original access right from making 
unauthorized access. 
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[0010] 

In the case of (3) above, since an access right was set in the 
relationship between each user and the operable items or contents, 
the setting of the access right was complicated. In particular, 
when he changed the section he belonged to due to personnel 
reshuffling, etc. and his access right changed accordingly, the 
access right must have been set again in the relationship between 
each user and the operable items or contents, thereby causing 
the user to bear a burden of time and labor. 
[0011] 

Particularly, with regard to the access right within an 
organization like a company, both the viewpoint of what 
level-post of user can access data, and the viewpoint of which 
section ofuseris reasonably allowed to access data are required. 
In prior art, however, the viewpoint that should be a plurality 
of viewpoints was centralized in a table that indicates access 
rights . As a consequence, when personnel reshuffling took place, 
reorganization of departments took place, or data increased, 
such a centralized table must have been corrected in the 
relationship of each individual person without any contradiction, 
and it took a lot of time and labor to correct the centralized 
table exactly. 
[0012] 

The present invention has been developed to solve the problems 
existing in the prior art as mentioned above. One purpose of 
the present invention is to correlate an access right with the 
organizational attribute of a user and thereby change data 
management easily, and another purpose of the present invention 
is to set access rights to a plurality of documents collectively 
and efficiently. Also, another purpose of the present invention 
is to cause an access right to be set for each part of a document 
and thereby manage security meticulously. 
[0013] 

[Means for solving the problems] In order to accomplish the 
above-mentioned purposes, the invention according to claim 1 
comprises, in a databases system that manages data, 



10 



a device that designates which data a user should access; 

a judgement device that judges whether the user has an access 
right to the designated data based on the organizational 
attribute that is given to each user in advance; and 

an access device that makes the user who is judged to have 
an access right access the designated data. 

The invention according to claim 6 indicates a data structure 
of a table in connection with the invention according to claim 
1, and comprises, in a database system that manages data, 

an attribute table that stores the organizational attribute 
of each user; 

an access right table that stores whether the user has an 
access right to each data based on the organizational attribute; 
and 

a judgement device that judges whether each user is allowed 
to access the designated data based on the attribute table and 
the access right table . 

The invention according to claim 13 is the one that views the 
invention according to claim 1 from the viewpoint of a method, 
and comprises, in a data management method that manages data, 

a step of designating which data the user should access; 

a step of judging whether the user has an access right to 
the designated data base on the organizational attribute that 
is give to each user in advance; and 

a step of making the user who is judged to have an access 
right access the designated data. 

The invention according to claim 17 is the one that views the 
invention according to claims 1 and 13 from the viewpoint of 
a recording medium that records software of a computer, and in 
a recording medium that records software for data management 
that manages data using a computer, 

the software makes the computer receive the designation as 
to which data the user accesses and judge whether the user has 
an access right to the designated data based on the organizational 
attribute that is given to each user in advance; and 

the software makes the user who is judged to have an access 
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right access the designated data. 

In the invention according to claims 1, 6, 13 and 17, whether 
a user is allowed to access each of data is judged based on the 
organizational attribute such as the user's section and post. 
Therefore, when his section and post change due to personnel 
reshuffling, if he changes his organizational attribute, the 
contents of the access right automatically change together. 
Consequently, it becomes unnecessary to take the trouble of 
inputting his password for each of data which he accesses, and 
of changing his password or setting his access right for each 
of data again when personnel reshuffling takes place. 
[0014] 

The invention according to claim 2 comprises, in the database 
system according to claim 1, 

when the user is judged to have an access right to the 
designated data, 

a device that indicates what part of data the designated 
data has; 

a device that designates what part of data the user should 
access; and 

a second judgement device that judges whether the user has 
an access right to the designated part of data based on the 
organizational attribute that is given to each user in advance, 
wherein 

the access device makes the user who is judged to have an 
access right to the designated part of data access said part 
of data. 

The invention according to claim 5 comprises, in a database system 
that manages data, 

an access right table that stores what kind of organizational 
attribute a user has and what kind of access right he has for 
data or a part of data; 

a device that checks whether the user has the right to use 
a database system; 

a device that designates the data that the user he will access ; 

a device that judges whether the user has the access right 
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to the designated data based on the user's organizational 
attribute and the access right table; 

a device that indicates what part of data the data has when 
the user has an access right to the designated data; 

a device that designates the part of data that the user will 
access and the kind of access; 

a device that judges whether the user has an access right 
to the designated part of data and the kind of access based on 
the access right table; and 

an access device that makes the user execute an access right 
when the user has an access right to the designated part of data 
and the kind of access. 

The invention according to claim 14 is the one that views the 
invention according to claim 2 from the viewpoint of a method, 
and includes, in the data management method according to 13, 

when the user is judged to have an access right to the 
designated data, 

a step of indicating what part of data the designated data 
has; 

a step of designating what part of data the user should access; 

and 

a step of judging whether the user has an access right to 
the designated part of data based on the organizational attribute 
that is given to each user in advance, 
wherein 

the access step makes the user who is judged to have an access 
right to the designated part of data access said part of data. 
The invention according to claim 18 is the one that views the 
invention according to claims 2 and 14 from the viewpoint of 
a recording medium that records software for a computer, wherein, 
in the database system according to claim 17, 

the software makes the computer indicate what part of data 
the designated data has when the user is judged to have an access 
right to the designated data; 

the software makes the computer receive the designation as 
to which part of data the user should access; 
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the software makes the computer judge whether the user has an 
access right to the designated part of data based on the 
organizational attribute that is given to each user in advance; 
and 

the software makes the user who is judged to have an access 
right to the designated part of data access said part of data. 
In the invention according to claims 2, 5, 14 and 18, what part 
of data such as version and page the data has is indicated only 
when it is confirmed whether a user has an access right to the 
data in addition to when it is checked whether the user has the 
right to use the database system when logging in. Moreover, an 
access right is confirmed with regard to the part of data that 
the user will access and the kind of access. Thus, security of 
the system is further improved by disclosing information to users 
step by step. 
[0015] 

The invention according to claim 3 comprises, in the database 
system according to claims 1 and 2, 

each of data is classified into a plurality of groups in 
advance; and 

the judgement device judges whether the user has an access 
right to the designated data based on the correlation of the 
classification of the designated data with the organizational 
attribute that is given to each user in advance. 
The invention according to claim 7 indicates a data structure 
of a table in connection with the invention according to claim 
3, and comprises, in the database system according to claim 6, 

a classification table that classifies individual data into 
a plurality of groups including one or more hierarchies, 
wherein 

the access right table stores whether the user has an access 
right to data based on each individual classification. 
The invention according to claim 15 is the one that views the 
invention according to claim 3 from the viewpoint of a method, 
wherein, in the data management method according to claims 13 
and 14, 
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each of data is classified into a plurality of groups in 
advance; and 

the judgement step judges whether the user has an access 
right to the designated data based on the correlation of the 
classification of the designated data with the organizational 
attribute that is given to each user in advance. 
In the invention according to claims 3, 7, and 15, it is possible 
to set access rights with regard to a plurality of data having 
a common character collectively and efficiently using the kind 
of data and a superordinate concept such as a higher-ranked large 
classification . 
[0016] 

The invention according to claim 4 comprises, in the database 
system that manages data, 

an attribute table that correlates each user with the section 
that he belongs to and his post; 

a classification table that classifies data into a group 
of data including one of data, or two or more of data and a large 
group of data including one group of data or two or more groups 
of data; 

a table that correlates one version, or two or more versions 
of each of data with the pages included in the data and at least 
one of either one version, or two or more versions of each page; 
and 

an access right table that stores whether the user has an 
access right to the data, for at lest one each of the group of 
data, a large group of data, data, versions of data, pages and 
versions of pages, based on at least one of either the section 
that the user belongs to or his post. The invention according 
to claim 16 is the one that views the invention according to 
claim 4 from the viewpoint of a method, and uses, in the data 
management method that manages data, 

an attribute table that correlates each user with the section 
that he belongs to and his post in advance; 

a classification table that classifies data into a group 
of data including one of data, or two or more of data and a large 
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group of data including one group of data, or two or more groups 
of data; 

a table that correlates one version, or two or more versions 
of each data with the pages included in the data and at least 
one of either one version, or two or more versions of each page; 
and 

an access right table that stores whether the user has an 
access right to the data, for at lest one each of the group of 
data, a large group of data, data, versions of data, pages and 
versions of pages, based on at least one of either the section 
that the user belongs to or his post. In the invention according 
to claims 4, and 16, it is possible to set access rights to data 
collectively using a superordinate concept such as a kind of 
data and a large classification, or using part of data such as 
every version or every page as a unit. It is also possible to 
set access rights using these as units based on the section he 
belongs to or his post. Consequently, sharing of information 
and security can be competent with each other by disclosing an 
appropriate kind of data or an appropriate part of data to an 
competent person holding a managerial post in a section concerned. 
As a processing procedure using these tables, such a procedure 
can be considered in which after a user confirms an access right 
using data as a unit, the user can see what version or page exists, 
and when he further selects the version or page he will access 
based on that, an concrete access right is confirmed for the 
selected version or page. Also, each table can be constituted 
as an each individual table or can be constituted, for example, 
as a plurality of tables according to each kind of correlative 
relationship . 
[0017] 

The invention according to claim 8 comprises, in the database 
system according to claims 6 and 7, 

the attribute table includes at least one of either the section 
that the user belongs to or his post; and 

the access right table stores whether the user has an access 
right to data based on at least one of either the section that 
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the user belongs to or his post. 

In the invention according to claim 8, since it is judged whether 
the user has an access right to data based on the section he 
belongs to or his post, this invention according to claim 8 can 
be easily applied to many organizations that have a systematical 
hierarchical-post system for each section. 
[0018] 

The invention according to claim 9 comprises, in one of the 
database systems according to one of claims 6 through 8, 

the access right table stores whether the user has an access 
right according to the kind of access. 

In the invention according to claim 9, since an access right 
can be set according to the kind of access such as reference 
for only seeing data, making data and approval of data, security 
can be properly managed according to the flow of business and 
the scope of authorities. 
[0019] 

The invention according to 10 comprises, in the database 
systems according to one of claims 6 through claim 9, 

the access right table stores whether the user has an access 
right based on at least one of either the version of data, pages 
included in the data or versions of pages as a unit; and 

the judgement device is so constituted as to judge whether 
the user is allowed to access the version, pages or versions 
of pages designated to data. 

In the invention according to claim 10, an access right to data 
such as a document can be set using a part of data such as each 
version and each page as a unit. Consequently, when a character 
differs depending on a part of even one kind of data, it is not 
necessary to decide whether the user is allowed to access the 
data as a whole. Thus, it is possible to properly set whether 
priority is placed on the use of information by allowing the 
user to access the data or whether priority is placed on security 
without allowing the user to access the data. 
[0020] 

The invention according to claim 11 comprises, in the database 
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system according to one of claims 6 to 10, 

a table that limits the access to at lest one of the data, 
version of data, pages or versions of pages only to a part of 
the users of the section. 

In the invention according to claim 11, with regard to the data 
that is the confidential matters that must be made secret to 
other sections in an organization and the data that cannot be 
disclosed to other sections because the data is being made yet, 
access can be limited to only the users of a part of the sections 
such as the section that makes the data, thus causing security 
to be further improved. 
[0021] 

The invention according to claim 12 comprises a table that 
stores the contents of data for each page in the database system 
according to claim 10 or claim 11. In the invention according 
to claim 12, the contents of each page can be stored in the form 
of an easy-to-use table on a relational database, thereby causing 
the storage to be implemented easily. 
[0022] 

[Mode for carrying out the invention] Described below is the 
mode for carrying out the present invention (hereinafter referred 
to as "embodiment" ) with reference to the accompanying drawings . 
It is considered to be general to realize the present invention 
by controlling a computer having peripheral devices by means 
of software. In this case, the software is made by a combination 
of commands in accordance with the description of this 
specification, and the technique that was explained in the prior 
art is also used for the part common to prior art. The software 
includes not only a program code but also data that is prepared 
in advance to execute the program code. 
[0023] 

The software realizes the operation and effect of the present 
invention by making use of physical resources such as a processing 
devices like a CPU, a coprocessor, and various kinds of chip 
sets; an input device like a keyboard and a mouse; a storage 
device like a memory and a hard disk; and an output device like 
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a display and a printer . 
[0024] 

The constitution of the software and hardware that realize 
the present invention can be changed to various kinds of 
constitutions. For example, there are a compiler , an interpreter , 
and an assembler in the type of software, and a network connection 
device and an attachable and detachable recording medium such 
as a floppy disk can be considered in order to exchange information 
with outside. Also, a recording medium such as the CD-ROM that 
records the software and program to realize the present invention 
is an embodiment of the present invention by itself . Furthermore, 
part of the functions of the present invention can be realized 
by a physical electronic circuit such as an LSI. 
[0025] 

Thus, various kinds of modes for carrying out the present 
invention using a computer can be considered. Described below 
are the present invention and the embodiment using a virtual 
circuit block that realizes each function included in the present 
invention and the embodiment. In regard to the drawings which 
will be used hereunder, like elements or similar kinds of elements 
are denoted by like reference numerals to omit explanations of 
the like elements each time. 
[0026] 

[1 . Outline of embodiment] Fig. 1 is a conceptual diagram showing 
the outline of this embodiment. In this embodiment, data such 
as a document is stored in a database 1, attributes such as a 
section and a post of each user are stored in an attribute table 
H, and what attribute of user has an access right to reference 
and making with regard to each individual document stored in 
the database 1 is stored in an access right table T, as shown 
in Fig. 1 . An output device 3a such as a CRT monitor and an input 
device 3b such as a keyboard and a mouse are provided as an 
interface that exchanges information such as directives and data 
with a user. 
[0027] 

When a user designates a document that he wants to access 
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from a designation device 142, a judgement device 143 refers 
to the attribute table H and the access right table T and judges 
whether the user has an access right to the designated document 
based on the organizational attribute of the user. When the user 
has the access right, an access device 146 executes the access 
to the designated document. 
[0028] 

[2. Constitution of embodiment] 

[2-1. Overall constitution] Fig. 2 is a function block diagram 
showing a concrete constitution of this embodiment. This 
embodiment applies thepresent invention to a relational database, 
and comprises a database 1, a DBMS (database management system) 
2, a display input interface unit 3 and a document management 
control unit 4, as shown in Fig. 2. 
[0029] 

The database 1 is a relational database, and can store a variety 
of data in the form of a table. Not only documents such as a 
character string text but also various kinds of files, e.g. files 
including decoration data peculiar to various kinds of 
application programs, graphics files such as a bit-map image, 
a worksheet for a table calculation program, and drawing data 
files for drawing tools and graphics software can be stored in 
the database 1 . 
[0030] 

It is presumed that the database 1 stores documents as data 
here in this embodiment and that it also stores a plurality of 
tables to manage documents and manage an access right to the 
documents, as concretely described later. 
[0031] 

The DBMS 2 performs various operations such as making, 
addition, retrieval, updating and deletion with regard to the 
data such as documents stored in the database 1. The display 
input interface unit 3 is the interface that receives the input 
of various directives and data from a user and provides the user 
with data taken out from the database 1 and information of messages 
such as operational prompt. 
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[0032] 

The document management control unit 4 refers to each table 
in the database 1 according to the directives given from the 
user via the display input interface unit 3 and makes the user 
having an access right access a document in the database 1. This 
document management control unit 4 comprises a user check unit 
41, a document access designation unit 42, a document making 
and reference right check unit 43, a document contents indication 
unit 44, a page making and reference right check unit 45, and 
a page indication and writing unit 46. 
[0033] 

The user check unit 41 checks whether the user who is going 
to access the database 1 is a regular registered user based on 
his personal ID and password inputted from the display input 
interface unit 3, and captures his organizational attributes 
such as the section he belongs to and his post from a table in 
the database 1 in order to check his access right. 
[0034] 

The document access designation unit 42 designates what kind 
of document in the database 1 the user should access and what 
mode (kind) of access, reference, making or approval, he should 
make, and the document access designation unit 42 acquires the 
ID number of the document that uniquely determines which document 
the designated document is from a table in the database 1. 
[0035] 

The document making and reference right check unit 4 3 checks 
whether a user has a right to implement reference, making or 
approval for a designated document, i.e. an access right. If 
it is found that the user does not have this access right, the 
process cannot proceed to the next step like the step of document 
contents indication . 
[0036] 

The document contents indication unit 44 indicates the 
constitution (hereinafter referred to as '"contents") of what 
version or what logical page (hereinafter referred to as "logical 
page" or "page") the designated document has in the form of a 
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table. The user sees the contents and designates which part, 
namely which version or which page of the document he wants to 
access, to the document contents indication unit 44, and also 
designates a mode such as a reference mode and a making mode 
as the kind of access. 
[0037] 

The page making and reference right check unit 45 checks 
whether the user has an access right to implement reference, 
making, etc. for the part designated by the document contents 
indication unit 44 and the kind of access, and if it is found 
that the user does not have this access right, the process does 
not proceed to the next step. The document making and reference 
right check unit 43 and the page making and reference right check 
unit 45 judge whether the access to the designated data is 
permitted to each individual user, and correspond to the second 
judgement device described in the scope of claim for patent. 
[0038] 

The page indication and writing unit 46 indicates the page 
of a designated document. In this page indication and writing 
unit 46, when a document is opened in a making mode, it is possible 
to write or rewrite the document in the displayed screen . However, 
when a document is opened in a reference mode, it is not possible 
to write or rewrite the document in the displayed screen. This 
page indication and writing unit 4 6 corresponds to the access 
device described in the scope of claim for patent. 
[0039] 

[2-2 . Constitutions of the tables] The following tables required 
to manage documents and manage access rights are registered in 
the database 1. Table A shown in Fig 3 is a table that stores 
the document name, symbol and kind of document with regard to 
each individual document. Also, registered in the Table A are 
the document ID that is uniquely assigned to a document so that 
documents do not overlap with each other as well as what kind 
of document the document belongs to. Since documents are 
discriminated from each other by document ID's, the document 
name may not necessarily be unique (sole) , but any document may 
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be freely named according to the application of the document. 
[0040] 

Table B shown in Fig. 4 indicates how many versions of 
documents and what version (hereinafter abbreviated to "document 
ver") of documents as a whole have been issued and stored for 
each document identified by document ID. For example, as a 
document whose document ID is "A001," there are two versions, 
version 1 and version 2, which are made at a different date. 
[0041] 

Table C shown in Fig. 5 stores what logic pages each version 
of the document identified by document ID in Table B shown in 
fig. 4 is composedof as well as what version (hereinafter referred 
to as "page version") each of the pages has. 
[0042] 

Table D shown in Fig. 6 correlates by which section each 
logic page and page version that constitute each document in 
Table C shown in Fig. 5 are made (namely, making section) with 
a secrecy level that is the information that limits an access 
right to part of sections. 
[0043] 

Table E shown in Fig. 7 classifies the kind of document 
correlated with each document in Table A shown in Fig. 3 into 
a large classification that is a superordinate concept. Thus, 
it is possible to easily set the access right for implementing 
making and reference using the superordinate concept of a large 
classification as a unit, as described in full detail later. 
Table A shown in Fig. 3 and Table E shown in Fig. 7 classify 
each individual document by means of two hierarchies, and 
correspond to the classification table mentioned above. 
[0044] 

Table F shown in Fig. 8 indicates a correlative relationship 
of what logic page should be included for each kind of document, 
and when a document is newly made or on some such occasion, any 
necessary page can be constituted by referring to this table. 
[0045] 

The contents of each individual logic page mentioned above 
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are stored in another table, and Table G shown in Fig. 9 indicates 
in which table the contents of each individual logic page are 
stored. Thus, by storing the contents of each individual logic 
page in a table, it is possible to constitute the table in the 
form of the same table in which the data itself and the data 
management table can be dealt with in a relational database, 
thereby causing the constitution to be implemented easily. 
[0046] 

Actual data that constitutes logic page PS01 (Fig. 9) as shown 
in Table G of Fig. 9 is divided into two according to the 
characteristics of data, and the divided data is stored in Tables 
TBL01 and TBL02 shown in Fig. 10 respectively. Likewise, Tables 
TBL31 and TBL32 shown in Fig. 11 stores actual data that 
constitutes another logic page PF01 (Fig. 9) . Since the contents 
of these pages differ according to the applications of concrete 
documents and the application programs used, the contents of 
these pages do not need to be limited to a specific format, but 
can be set freely. 
[0047] 

Document Reference Right Table shown in Fig. 12 is a table 
in which what section of user or what post of user has an access 
right to access data in a reference mode is registered based 
on the large classification of documents or the kind of document . 
Likewise, Document Making Right Table shown in Fig. 13 is a table 
in which what section of user or what post of user has an access 
right to access data in a making mode is registered for each 
large classification and each kind of document. 
[0048] 

Page Reference Right Table shown in Fig. 14 is a table in 
which what section of user or what post of user has an access 
right to access data in a reference mode is registered for each 
logic page of a document . Likewise, Page Making Right Table shown 
in Fig. 14 is a table in which what section of user or what post 
of user has an access right to access data in a making mode is 
registered for each logic page of a document. 
[0049] 
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Each of the tables shown in Figs. 12 to 14 stores whether 
a user has an access right to data based on the organizational 
attributes such as his section and post, and corresponds to the 
access right tables mentioned above. Theses access right tables 
store whether a user has an access right to data for each kind 
of access. 
[0050] 

Particularly, in the Page Reference Right Table and Page 
Making Right Table shown in Fig. 14, an access right is set for 
each page included in data, while in the access right table, 
an access right can be set for each version of documents and 
each version of pages. 
[0051] 

Table H shown in Fig. 15 stores the information related to 
each user who uses the system. Concretely speaking, Table H 
includes the section code of the section to which the user belongs 
and the post code that indicates his post in order to judge his 
access right in addition to his log-in name andpassword to confirm 
whether he is a regular registered user. The section and post 
are the organizational attributes of the user, and Table H 
corresponds to the attribute table mentioned above. 
[0052] 

[3. Operation of embodiment] The embodiment that is so 
constituted as described above operates as follows. Fig. 16 is 
a flowchart showing the processing procedure in this embodiment . 

[3-1. User attestation and document designation] A user inputs 
his log-in name and password from the display input interface 
unit 3 (Step 1) . When data related to the user is inputted, the 
user check unit 41 starts up in the document management control 
unit 4, and this user check unit 41 accesses Table H (Fig. 15) 
in the database 1 via DBMS 2 to check whether the user who 
corresponds to the inputted log-in name and password is 
registered . 
[0053] 

As a result, if it is found that the user who corresponds 
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to the inputted log-in name and password is registered (Step 
2) , the user check unit 41 reads the section code and post code 
of the logged-in user from Table H and stores them in the document 
management control unit 4, and then starts up the document access 
designation unit 42. 
[0054] 

When the user succeeds in log-in, the document access 
designation unit 42 indicates a list of documents of what 
documents are stored in the database 1 in the display input 
interface unit 3 based on the Table A (Fig. 3) in the database 
1, and the user designates the document that he wants to access 
from the list of documents (Step 3) . In this designation, the 
user identifies what document he wants to see by document ID, 
and identifies whether he only wants to refer to the document 

(reference mode) or he also wants to edit the document (making 
mode) . 

[0055] 

It is completely free in what format documents are indicated, 
and no format related thereto is illustrated here. For example, 
a list of documents can be simply indicated in the order of document 
name or in the order of last updating date, or for example, 
documents can be indicated in a tree structure for each kind 
of documents or each directory of documents, or can be indicated 
according to the level of an access right. 
[0056] 

[3-2. Judgement of an access right in document units] Then, the 
document access designation unit 42 retrieves Table A (Fig. 3) 
in the database 1 based on the document ID of the designated 
document, and identifies the kind of document that corresponds 
to the designated document (Step 4). The document access 
designation unit 42 further retrieves Table E (Fig. 7) in the 
database 1 and acquires the large classification that corresponds 
to the kind of document (Step 5) . 
[0057] 

Next, the document making and reference right check unit 
43 in the document management control unit 4 collates the kind 
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of document and large classification acquired as described above 
and the user's section and post obtained from Table H with the 
document reference right table (Fig. 12) and document making 
right table (Fig. 13) in the database 1, and checks whether the 
user has an access right to refer or make the document that he 
designates (Step 6) . 
[0058] 

For example, described below is how an access right is set 
in an example of the document reference right table shown in 
Fig. 12. 

(1) With regard to the kind of document TS01, any user whose 
top three characters of the section he belongs to is BUA has 
a reference right. 

(2) With regard to the kind of document TS02, any user whose 
post is A or B has a reference right regardless of what section 
he belongs to. 

(3) With regard to the document that belongs to the large 
classification TS-B, e.g. the kind of document TS04 or TS05, 
any user of any section or post has a reference right regardless 
of the kind of document. 

An asterisk " >l< " in the document reference right table (Fig. 
12) or the document making right table (Fig. 13) indicates that 
there is no limit, i.e. a wild card. When a user is judged to 
have an access right in the check of Step 6, the document contents 
indication unit 44 is started up. 
[0059] 

[3-3. Judgement of an access right in page units] The document 
contents indication unit 44 retrieves Tables A, B, C and D (Figs . 
3 to 6) in the database 1 based on the document ID of the document 
designated by the user, acquires information indicating which 
version, which page or which version of page the document is 
composed of, and indicates which version, which page or which 
version of page is in the document designated based on this 
information as well as the secrecy level and making section of 
each version, page or version of page (Step 7) . 
[0060] 
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The user designates which page or which version he wants to 
access, and in what mode he wants to access the page or version, 
in a reference or making mode, i.e. the kind of access (Step 
7) . Here, it is presumed that the user designates the object 
of access based on a logic page. 
[0061] 

Then, the page making and reference right check unit 45 checks 
whether the user has a making right and a reference right to 
the version, page and version of page designated as described 
above and the kind of access by retrieving the page reference 
right table and the page making right table (Fig. 14) (Step 8) . 
In what format an access right is set in the page reference right 
table and the page making right table is the same as described 
above about the document reference right table (Fig. 12) . 
[0062] 

Furthermore, the page making and reference right check unit 
45 refers to the secrecy level stored in Table D (Fig. 6) in 
the database 1 with regard to the designated page version of 
the designated logic page (Step 9) . This item of secrecy level 
temporarily limits the access right to a logic page of each 
individual document to part of sections and posts. For example, 
for the logic page in which secrecy level "J" is set in Fig. 
6, no user other than the user of the section registered as the 
making section of the said logic page can refer to or make the 
logic page. 
[0063] 

When the section code in which the secrecy level other than 
"J" e.g. "BUA02" (Fig. 8) is set is set, no section other than 
the same section or making section as the set code can refer 
to or make the logic page. Shown here is an example in which 
a secrecy level is set for the page and page version of data. 
The secrecy level may be set using the whole document or the 
version of a document as a unit. 
[0064] 

[3-4. Access to pages] Only when a user is judged to have an 
access right through all the checks, the substance of the page 



28 



that the user designates is indicated by the page indication 
and writing unit 46, and it becomes possible to only refer to 
the page or to edit the contents according to the kind of access 
that the user designates (Step 10) . On the other hand, if the 
user is judged not to have an access right through any of the 
checks in Steps 2, 6, 8 and 9, his access is rejected. 
[0065] 

Concretely speaking, the page indication and writing unit 
46 retrieves the table name showing in which table the data 
corresponding to the designated logic page is stored from Table 
G (Fig. 9) in the database 1, and acquires and indicates the 
data corresponding to the designated document ID and logic page 
from the table having a table name thus retrieved e.g. Tables 
TBL01 and TBL02 (Fig. 10) and Tables TBL31 and TBL32 (Fig. 11) . 
[0066] 

For example, as the result of referring to Table G, it becomes 
clear that the data indicating the contents of logic page PS01 
are included in Tables TB01 and TB02, so the data of the page 
that the user designates can be acquired and indicated in the 
display input interface unit 3 by retrieving the corresponding 
document ID e.g. the data of A001 from Tables TBL01 and TBL02 . 
[0067] 

When the user designates a "making" mode as the kind of access 
to the logic page, for example, a blinking cursor appears on 
the editable character string on the display screen, and when 
the user edits the contents using the cursor and operates 
termination, the contents so edited are rewritten in the 
corresponding table again, and the contents of the database 1 
are updated. 
[0068] 

When a new version of a document, a new logic page and a new 
version of a logic page are made in this way, Table B and Table 
C are updated accordingly, and the parts that have been newly 
made are added to appropriate tables, thus being usable for 
subsequent access . 
[0069] 
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[4. Effect of embodiment] As has been described, in this 
embodiment, whether a. user is allowed to access each data is 
judged based on his organizational attributes stored in Table 
H, i.e. his section and post. When his section and post change 
owing to personnel reshuffling such as interdepartmental 
relocation, entering a company and leaving a company , maintenance 
of only the information that represents the attributes of each 
user suffices, and the contents of an access right automatically 
change accordingly. 
[0070] 

Thus, no time or labor is required to input a password for 
each data to be accessed, change a password when personnel 
reshuffling takes place, or re-set an access right for each data . 
In other words, the section and post of each user registered 
inTableH (Fig. 15) can be so constituted as to be changed directly 
from the Department of Personnel without using the information 
files as they are in the Department of Personnel or without doing 
any work in the Department of Information Processing. 
[0071] 

Consequently, when any change in a user' s section or post 
takes place, no time or labor is required to newly re-set an 
access right from an access right point of view, and the access 
right can be easily managed without any contradiction in the 
relationship with other personnel information. After all, 
according to this embodiment, labor saving can be realized much 
more than prior art in which all information related to the access 
right of each individual user is changed or made. 
[0072] 

On the other hand, when a document making or reference right 
changes, for example, because the allotment of duties given to 
a section is changed, only the access tables such as a reference 
right table and a making right table can be changed, and 
information related to the attributes of each individual user 
does not need to be changed, thereby making the management of 
an access right easy. 
[0073] 
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In this embodiment, access rights to a plurality of data 
having common characteristics can be effectively set in the lump 
using the kind of document shown in Table A (Fig. 3) and the 
superordinate concept of a large classification shown in Table 
E (Fig. 7), i.e. the binding unit that represents a plurality 
of documents. 
[0074] 

In particular, in this embodiment, whether a user has an 
access right is judged based on both his section and post, so 
it is easy to apply this embodiment to many organizations that 
are systematized in each section and department and have a 
hierarchical post system. 
[0075] 

Also, in this embodiment, since an access right can be set 
as shown in Figs. 12 to 14 according to the kind of access such 
as reference in which a document is only seen, making of a document 
and approval of the contents of a document, security can be 
accurately managed according to the flow of duties and the scope 
of authority. 
[0076] 

Also, in this embodiment, an access right to data such as 
a document can be set using the part such as each version or 
each page as a unit. Consequently, when one kind of data differs 
in character according to its parts, it is not necessary to 
forcibly decide whether access is permitted or not as the whole 
data . It is thus possible to set whether priority should be place 
on the usage of information by permitting access or whether 
priority should be placed on security without permitting access 
according to the characters of the parts. 
[0077] 

Also, in this embodiment, with regard to the data related 
to confidential matters that must be kept secret to other sections 
even in an organization and the data that is not ready for 
disclosure to other sections because it is being made, access 
can be limited only to users of a part of sections e. g. the 
section that makes the data, as shown in Table D (Fig. 6) , thereby 
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causing security to be further improved. 
[0078] 

Also, in this embodiment, the contents of a page can be stored 
in the form of an easy-to-treat table on a relational database, 
as shown in Figs. 9 to 11, thereby causing the storage to be 
implemented easily. 
[0079] 

In other words, in this embodiment, setting of an access 
right to data can be implemented collectively by means of a 
superordinate concept of the kind of data and large 
classification, or using a part of data such as version and page 
as a unit. In addition, setting of an access right using these 
as a unit can be implemented based on a section or post. 
[0080] 

Consequently, sharing of information is easily compatible 
with security by disclosing an appropriate kind of data or an 
appropriate part of data to an appropriate post of person in 
a section concerned. In particular, in this embodiment, only 
when an access right to data is checked by the document making 
and reference right check unit in addition to the checking 
performed when to be logged in, which part of data such as version 
and page the data has is indicated by the document contents 
indication unit 44 . Moreover, the page making and reference right 
check unit 45 checks the access right with regard to the part 
that a user is going to access and the kind of access. Thus, 
the security of the system is further improved by disclosing 
information to the user step by step. 
[0081] 

Enumerated as the concrete contents of a document in this 
embodiment is, for example, a document containing technical 
contents called a basic rule, a standard rule, or a standard 
plan. In such a document , each unified group like a specif ication 
of a product, standards of a product or handling regulations 
of a product is constituted as a logic page, and versions are 
increased each time the contents are revised, and versions both 
before and after revision are stored. 
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[0082] 

By applying the present invention to such an example, it 
is possible to prevent the disclosure of unnecessary information, 
promote the sharing of information and improve security, for 
example, by disclosing a document or page of the most up-to-date 
version out of various documents to various sections and by 
limiting the persons who can access a document or page of older 
versions to the persons holding managerial posts. 
[0083] 

[5. Other embodiments] The present invention is not limited to 
the above-mentioned embodiment, but includes other embodiments 
exemplified as follows. In the above-mentioned embodiment, for 
example, a section and a post as organizational attributes are 
stored in the form of a code, but either a section or a post 
may be used. Also, whether a user has an access right or not 
can be judged based on an organizational attribute other than 
a section or a post such as a regular staff member, an external 
contracted employee and a temporary worker, and the attribute 
may be stored not by a code but by a character string e.g. 
"department manager" and "section manager." 
[0084] 

And the various tables described above can be decreased in 
number by increasing the number of items per table and integrating 
them, or, they can be disintegrated. In the above embodiment, 
the example in which each document is categorized into two ranks, 
a kind of document and large category, but documents can be 
categorized into three or more ranks. 
[0085] 

In the above-mentioned embodiment, whether a user has an access 
right or not is judged in two steps of the unit of documents 
and the unit of pages, but judgement can be collectively made 
once. Also, in the above-mentioned embodiment, indicated as the 
parts of data are three kinds of parts such as version of data, 
page included in data and version of page, but an access right 
does not necessarily need to be judged based on such divided 
parts, but only one or two kinds of parts can be introduced. 
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[0086] 

Also, it is not mandatory to limit access only to users of a 
part of sections, and it is not mandatory either to store the 
contents of each page. Furthermore, for example, when a system 
itself is located in a safe place and no one other than authorized 
users can operate the system, themeans or processing for checking 
whether a user has the right to use the database system is not 
mandatory either. 

[0087] 

[Effect of the invention] According to the present invention, 
an access right is correlated with the organizational attribute 
of a user, so that data management can be easily changed. 

[Brief description of the drawings] 

Fig. 1 is a conceptual diagram showing the outline of the present 
invention . 

Fig. 2 is a block diagram showing the concrete configuration 
of the embodiment of the present invention. 

Fig. 3 is a diagram showing the contents of Table A that collates 
document ID and the kind of document in the embodiment of the 
present invention . 

Fig. 4 is a diagram showing the contents of Table B that collates 
document ID and a version in the embodiment of the present 
invention . 

Fig. 5 is a diagram showing the contents of Table C that collates 
document ID and a logic page in the embodiment of the present 
invention . 

Fig. 6 is a diagram showing the contents of Table D that collates 
a logic page and a secrecy level in the embodiment of the present 
invention . 

Fig. 7 is a diagram showing the contents of Table E that collates 
the kind of document and a large classification in the embodiment 
of the present invention. 

Fig. 8 is a diagram showing the contents of Table F that collates 
the kind of document and a logic page in the embodiment of the 
present invention . 
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Fig. 9 is a diagram showing the contents of Table G that collates 
a logic page and a table name in the embodiment of the present 
invention . 

Fig. 10 is a diagram showing the contents of Tables TBL01 and 
TBL02 in the embodiment of the present invention. 
Fig. 11 is a diagram showing the contents of Tables TBL31 and 
TBL32 in the embodiment of the present invention. 
Fig. 12 is a diagram showing the contents of Document Reference 
Right Table that sets an access right related to reference using 
a document as a unit in the embodiment of the present invention. 
Fig. 13 is a diagram showing the contents of Document Making 
Right Table that sets an access right related to making using 
a document as a unit in the embodiment of the present invention. 
Fig. 14 is a diagram showing the contents of Page Reference Right 
Table that sets an access right related to reference using a 
page as a unit and Page Making Right Table that sets an access 
right related to making using a page as a unit in the embodiment 
of the present invention. 

Fig. 15 is a diagram showing the contents of Table H that collates 
sections of each user with a user in the embodiment of the present 
invention . 

Fig. 16 is a flowchart showing the processing procedures in the 
embodiment of the present invention. 

[Explanations of letters or numerals] 

1 Database 

2 DBMS 

3 Display input interface unit 
3a Output device 

3b Input device 

4 Document management control unit 

41 User check unit 

42 Document access designation unit 
142 Designation device 

43 Document making and reference right check unit 
14 3 Judgement device 
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44 Document contents indication unit 

45 Page making and reference right check unit 

46 Page indication and writing unit 
146 Access device 

H Attribute table 

T Access right table 
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Fig. 1 

H Attribute table 

T Access right table 

1 Database 
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Fig. 2 
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4 Document management control unit 
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45 Page making and reference right check unit 

46 Page indication and writing unit 



Fig. 3 
Table A 



Document ID 


Kind of 
document 


Document name 


Symbol 


A001 


TS01 


Product B 


SA11 


A002 


MT02 


Test method C 


ZZk 


A003 


TS01 


Product X 


SAFF 


A004 


TS05 


New product J 


X-AK 


A005 


MT01 


Manufacturing 
method F 


T002 


A006 


TS05 


New product V 


X-BK 


A007 


MT01 


Manufacturing 
method G 


T356 


A008 


MT02 


Test method K 


ZFJ 
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Fig. 4 
Table B 



Document ID 


Document ver 


Issue date 


Remarks 


A001 


1 


Feb. 5, 1995 




A001 


2 


Mar. 1, 1997 




A002 


1 


May 8, 1995 




A003 


1 


Sep. 12, 1995 




A003 


2 


Jan. 20, 1996 




A003 


3 


May 30, 1997 













Fig. 5 
Table C 



Document ID 


Document ver 


Logic page 


Page ver 


A001 


1 


PS01 


1 


A001 


1 


PS02 


1 


A001 


1 


PS03 


1 


A001 


2 


PS01 


1 


A001 


2 


PS02 


2 


A001 


2 


PS03 


1 


A002 


1 


PS01 


1 


A002 


1 


PS02 


1 











Fig. 6 
Table D 



Document ID 


Logic page 


Page ver 


Secrecy 
level 


Making 
section 


A001 


PS01 


1 




BUA01 


A001 


PS02 


1 




BUA01 


A001 


PS03 


1 


BUA02 


BUA01 


A001 


PS02 


2 


J 


BUA01 


A002 


PS01 


1 




BUA02 


A002 


PS02 


1 




BUA02 
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Fig. 7 
Table E 



Large classification 


Kind of document 


TS-A 


TS01 


TS-A 


TS02 


TS-A 


TS03 


TS-B 


TS04 


TS-B 


TS05 






MT-A 


MT01 


MT-B 


MT02 







Fig. 8 
Table F 



Kind of document 


Logic page 


TS01 


PS01 


TS01 


PS02 


TS01 


PS03 


TS02 


PT01 


TS02 


PT02 


TS03 


PU01 


TS03 


PU02 


TS03 


PU03 






MT01 


PM01 


MT02 


PF01 


MT02 


PF02 







Fig. 9 
Table G 



Logic page 


Table name 


PS01 


TBL01 


PS01 


TBL02 


PS02 


TBL11 






PF01 


TBL31 


PF01 


TBL32 
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Fig. 10 
TBL01 



Document ID 


Page ver 


Substance name 


Quantity 


Unit 


A001 


1 


Covering agent 


5 


~o 


A001 


1 


Carbonate 


8 


% 


A001 


1 


Activator 


10 


% 


AOOl 


1 


perfume 


1 


% 


A001 


2 


Covering agent 


5 


% 


AOOl 


2 


Carbonate 


9 


% 


AOOl 


2 


Activator 


12 


% 


AOOl 


2 


Perfume 


1 


% 













TBL02 



Document ID 


Page ver 


Explanation 


AOOl 


1 


••• of a cleaning agent 


AOOl 


2 


A new composition ■•• 


A003 


1 


Constituents of a plant ••■ 









Fig. 11 
TBL31 



Document ID 


Page ver 


Device used 


Explanation of 
test method 


Remarks 


A002 


1 


TYPE-A 


Be careful of 




A008 


1 


TYPE-S 


Sample ■■• 




A008 


2 


TYPE-S 


Improved 















TBL32 



Document ID 


Page ver 


File name 


A002 


1 


DATA- 010 


A002 


1 


DATA-011 


A008 


1 


DATA-020 


A008 


2 


DATA-021 
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Fig. 12 



Document reference table 


Large 

classification 


Kind of 
document 


Section 


Post 


TS-A 


TS01 


BUA* 


★ 


TS-A 


TS02 


* 


A 


TS-A 


TS02 


★ 


B 


TS-A 


TS03 


BUG01 


★ 


TS-A 


TS03 


BUG02 


A 


TS-A 


TS03 


BUG03 


★ 


TS-B 


★ 


* 


★ 










Fig. 13 

Document making Table 


Large 

classification 


Kind of 
document 


Section 


Post 


TS-A 


TS01 


BUA01 


* 


TS-A 


TS02 


MUA02 


A 


TS-A 


TS02 


BUA02 


B 


TS-A 


TS03 


BUG01 




TS-B 


★ 


BUH03 


★ 











Fig. 14 

Page reference table 



Logic page 


Section 


Post 


PS01 


★ 


B 


PS01 


★ 


A 


PS02 


★ 


★ 


PS03 


BUA01 


★ 








Page making table 


Logic page 


Section 


Post 


PS01 


BUA01 


A 


PS01 


BUA01 


B 


PS02 


BUA01 


B 


PS03 


BUA01 


★ 
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Table H 



Log-in name 


password 


Staff name 


Section 
code 


Post 
code 


S9501234 


XSDER 


Taro Sato 


BUA01 


A 


S9502368 


TY2ERT 


Ichiro Suzuki 


BUA02 


B 


S9615236 


55ERTY 


Hanako Kobayashi 


BUG01 


A 


S9825482 


95DD522 


Masao Yamamoto 


BUA01 


C 













Fig. 16 
Table H 
Table A 
Table E 

Document making right table/Document reference right table 
Table C/Table B 

Page making right table/Page reference right table 

Table D 

TBL31, 32 

TBL01, 02 

Table G 

Start 

Step 1 Inputting log-in name and password 
Step 2 Registered? 

Step 3 Indicating a list of documents and designating a document 
Step 4 Retrieving the kind of document 
Step 5 Retrieving large classification 
Step 6 Does the user have an access right? 

Step 7 Indicating and designating document version, page and 
page version 

Step 8 Does the user have an access right to the page? 

Step 9 Is the secrecy level OK? 

Step 10 Indicating document and accessing 

End 

Rejection of access 
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Continued from the front page 

(72) Inventor: Toshikazu Ebata, c/o LION CORPORATION, 1-3-7, 
Honjo, Sumida-ku, Tokyo 

(72) Inventor: Kazuhiko Sai jo, c/o LION CORPORATION, 1-3-7, Honjo, 
Sumida-ku, Tokyo 

(72) Inventor: Akihito Kobayashi, c/o CSK Co., Ltd., 2-6-1, 
Nishi-shinjuku, Shinjuku-ku, Tokyo 
F-term (for reference) 
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